[thelist] SSL Certificate Choices

Robert Gormley robert at pennyonthesidewalk.com
Sat Jan 26 16:09:04 CST 2008


That seems odd. Are you saying that if the entire chain is on the
server, up to and including a root certificate, the browser will not
prompt for the use of an untrusted root cert? That seems both odd, and
an utterly huge security hole...

Robert

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Joshua Olson
Sent: Friday, January 25, 2008 4:27 PM
To: thelist at lists.evolt.org
Subject: Re: [thelist] SSL Certificate Choices

> -----Original Message-----
> From: kasimir-k
> Sent: Friday, January 25, 2008 5:54 PM
> 
> Using a free certificate the visitors must usually explicitly 
> accept the CA as trusted. And if it is a site targeted to 
> general public, the browser popping up a question "do you 
> really trust this certificate authority?" does not appear 
> too trustworthy...

I do not concur with the premise of this argument.  Free or inexpensive
certificates do not inherently present such a message--all that is
required to avoid the message is to put the intermediate certificates
(the whole chain) on the server.

Check out alphaSSL.  

Joshua
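
The chain handling debated in this thread can be reproduced locally with the openssl CLI: intermediates sent by the server let a client complete a path to a root it already trusts, while a root sent by the server is not trusted for that reason alone. This is an added example, not part of the original messages; the demo PKI, the file names and the build_pki/client_accepts helpers are constructed for illustration, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Constructed demo PKI (all names hypothetical):
#   Demo root CA -> Demo Intermediate CA -> www.example.test
# "other" is an unrelated root standing in for a client's existing trust store.
PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT

build_pki() (
  cd "$PKI" || exit 1
  # Minimal config so the demo does not depend on the system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > demo.cnf
  for ca in root other; do                       # two self-signed roots
    openssl req -config demo.cnf -x509 -extensions ca -newkey rsa:2048 -nodes \
      -keyout "$ca.key" -out "$ca.pem" -subj "/CN=Demo $ca CA" -days 30 2>/dev/null || exit 1
  done
  # Intermediate CA signed by the demo root, then a leaf signed by the intermediate.
  openssl req -config demo.cnf -new -newkey rsa:2048 -nodes -keyout int.key \
    -out int.csr -subj "/CN=Demo Intermediate CA" 2>/dev/null || exit 1
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile demo.cnf -extensions ca -out int.pem -days 30 2>/dev/null || exit 1
  openssl req -config demo.cnf -new -newkey rsa:2048 -nodes -keyout leaf.key \
    -out leaf.csr -subj "/CN=www.example.test" 2>/dev/null || exit 1
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -out leaf.pem -days 30 2>/dev/null || exit 1
  cat int.pem root.pem > fullchain.pem           # whole chain, root included
)

# client_accepts TRUST_STORE [SENT_CHAIN]
# Succeeds if a client whose trust anchors are TRUST_STORE accepts leaf.pem
# when the server additionally sends SENT_CHAIN (treated as untrusted input).
client_accepts() (
  cd "$PKI" || exit 1
  openssl verify -CAfile "$1" ${2:+-untrusted "$2"} leaf.pem >/dev/null 2>&1
)

build_pki || { echo "openssl failed to build the demo PKI" >&2; exit 1; }
# Each case is "trust store [certificates sent by the server]".
for c in "root.pem int.pem" "root.pem" "other.pem fullchain.pem"; do
  if client_accepts $c; then r=accepted; else r=rejected; fi
  echo "client trusts / server sends: $c -> $r"
done
```

The second case is the missing-intermediate failure; the third shows that a root the client does not already hold stays untrusted even when the server presents it.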

